Session Hijacking - MDN Web Docs Glossary: Definitions of Web-related terms 编辑
Session hijacking occurs when an attacker takes over a valid session between two computers. The attacker steals a valid session ID in order to break into the system and snoop data.
Most authentication occurs only at the start of a TCP session. In TCP session hijacking, an attacker gains access by taking over a TCP session between two machines in mid session.
Session hijacking occurs because
- no account lockout for invalid session IDs
- weak session-ID generation algorithm
- insecure handling
- indefinite session expiration time
- short session IDs
- transmission in plain text
Session hijacking process
- Sniff, that is perform a man-in-the-middle (MITM) attack, place yourself between victim and server.
- Monitor packets flowing between server and user.
- Break the victim machine's connection.
- Take control of the session.
- Inject new packets to the server using the Victim's Session ID.
Protection against session hijacking
- create a secure communication channel with SSH (secure shell)
- pass authentication cookies over HTTPS connection
- implement logout functionality so the user can end the session
- generate the session ID after successful login
- pass encrypted data between the users and the web server
- use a string or long random number as a session key
Learn more
General knowledge
- Session hijacking on Wikipedia
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论